Palo Alto Networks Protocol Protection

Protocol Protection is a feature within Palo Alto Networks' Zone Protection Profiles designed to defend against non-IP protocol-based attacks. It allows administrators to control the use of non-IP protocols across network zones, particularly in Layer 2 VLANs and virtual wire deployments.

1. Purpose of Protocol Protection

Protocol Protection helps prevent unauthorized or potentially harmful non-IP protocols from traversing the network. By controlling these protocols, organizations can reduce their attack surface and enforce compliance with security policies.

2. Configuration Options

Administrators can configure Protocol Protection using either an Include List or an Exclude List:

Include List: Specifies the only non-IP protocols allowed; all others are blocked.
Exclude List: Specifies non-IP protocols to block; all others are allowed.

Each list supports up to 64 Ethertype entries, identified by their IEEE hexadecimal Ethertype codes. Common non-IP protocols include:

LLDP (0x88CC)
Spanning Tree Protocol (STP) (0x0027)
NetBEUI
SCADA protocols like GOOSE

Note: Certain Ethertypes such as IPv4 (0x0800), IPv6 (0x86DD), ARP (0x0806), and VLAN-tagged frames (0x8100) are always allowed and cannot be blocked.

3. Best Practices

Use Include Lists: Prefer Include Lists to explicitly allow only necessary protocols, thereby reducing the attack surface.
Apply to Ingress Zones: Ensure Protocol Protection is applied to zones where external traffic enters the network, especially in Layer 2 and virtual wire deployments.
Monitor Network Traffic: Use tools like NetFlow or Wireshark to identify non-IP protocols in use before configuring Protocol Protection.
Regularly Review Configurations: Periodically review and update the protocol lists to accommodate legitimate changes in network protocol usage.

4. Considerations for PCNSE Exam

The PCNSE exam may assess knowledge on:

Understanding the purpose and function of Protocol Protection.
Configuring Include and Exclude Lists appropriately.
Identifying scenarios where Protocol Protection is applicable.
Implementing best practices to balance security and network functionality.

Familiarity with these aspects will aid in both exam performance and practical application.

🔐 Palo Alto Networks Protocol Protection

1. Purpose of Protocol Protection

2. Configuration Options

3. Best Practices

4. Considerations for PCNSE Exam

5. Additional Resources